Trend Micro’s Bug Bounty Program ZDI 2023 Performance

January 12, 2024 at 12:11AM

Trend Micro’s Zero Day Initiative (ZDI) disclosed 1,913 bugs in 2023, with 74% rated as Critical/High risk. The program identified vulnerabilities in attacks using zero-day exploits and provided early virtual patches to protect customers. ZDI also accounted for 20% of the vulnerabilities disclosed for Microsoft and 78% of the bugs submitted to Adobe, supporting both vendors in securing their software.

Based on the meeting notes, the key takeaways regarding Trend Micro’s Zero Day Initiative (ZDI) are as follows:

1. ZDI disclosed 1,913 bugs in 2023, indicating a 10% increase from 2022. Nearly 75% of these bugs were rated as Critical/High risk.

2. ZDI was effective in removing bugs from the exploit market, with approximately 7-8% of all vulnerabilities in 2023 being disclosed by ZDI.

3. ZDI provided Microsoft with 20% of all vulnerabilities disclosed in 2023, demonstrating its value to Microsoft and its products’ security.

4. ZDI also provided Adobe with 78% of all the bugs submitted to them in 2023, highlighting its significance in securing key vendors’ software.

5. ZDI disclosed 198 zero-day bugs, prompting vendors to release patches for these bugs and ensure public awareness of their existence.

6. Trend Micro’s vulnerability research, through both ZDI and internal researchers, has demonstrated the company’s expertise in this area and contributed significantly to the safety of customers.

7. ZDI’s support of Pwn2Own events and the payout of over $2M in bounties in 2023 underlines its commitment to fostering and rewarding external researchers who contribute new bugs to the program.

8. Overall benefits of ZDI include providing critical bugs from both internal and external researchers, managing the disclosure process with affected vendors, and offering pre-disclosed virtual patches to customers, ensuring coverage against exploits before public patches are available.

In conclusion, Trend Micro’s Zero Day Initiative continues to be a vital force in the world of vulnerability disclosures, providing valuable services to the public, vendors, and customers.
